If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Gummi bears defeat fingerprint sensors

A Japanese cryptographer has demonstrated how fingerprint recognition devices can be fooled using a combination of low cunning, cheap kitchen supplies and a digital camera.

First Tsutomu Matsumoto used gelatine (as found in Gummi Bears and other sweets) and a plastic mould to create a fake finger, which he found fooled fingerprint detectors four times out of five.

Flushed with his success, he took latent fingerprints from a glass, which he enhanced with a cyanoacrylate adhesive (super-glue fumes) and photographed with a digital camera. Using PhotoShop, he improved the contrast of the image and printed the fingerprint onto a transparency sheet.

Here comes the clever bit.

Matsumoto took a photo-sensitive printed-circuit board (which can be found in many electronic hobby shops) and used the fingerprint transparency to etch the fingerprint into the copper.

From this he made a gelatine finger using the print on the PCB, using the same process as before. Again this fooled fingerprint detectors about 80 per cent of the time.

Fingerprint biometric devices, which attempt to identify people on the basis of their fingerprint, are touted as highly secure and almost impossible to fool but Matsumoto's work calls this comforting notion into question. The equipment he used is neither particularly hi-tech, nor expensive and if Matsumoto can pull off the trick what would corporate espionage boffins be capable of?

Matsumoto tried these attacks against eleven commercially available fingerprint biometric systems, and was able to reliably fool all of them.

Noted cryptographer Bruce Schneier, the founder and CTO of Counterpane Internet Security, described Matsumoto's work as more than impressive.

"The results are enough to scrap the systems completely, and to send the various fingerprint biometric companies packing," said Schneier in yesterday's edition of his Crypto-Gram newsletter, which first publicised the issue. ®

[glowpurple]manually editing your config files can break them. If this happens, you get to keep both pieces. [/glowpurple]

Re: Gummi bears defeat fingerprint sensors

Originally posted here by jcdux I saw this on Crypto-Gram and also at theRegister

A Japanese cryptographer has demonstrated how fingerprint recognition devices can be fooled using a combination of low cunning, cheap kitchen supplies and a digital camera.

First Tsutomu Matsumoto used gelatine (as found in Gummi Bears and other sweets) and a plastic mould to create a fake finger, which he found fooled fingerprint detectors four times out of five.

Flushed with his success, he took latent fingerprints from a glass, which he enhanced with a cyanoacrylate adhesive (super-glue fumes) and photographed with a digital camera. Using PhotoShop, he improved the contrast of the image and printed the fingerprint onto a transparency sheet.

Here comes the clever bit.

Matsumoto took a photo-sensitive printed-circuit board (which can be found in many electronic hobby shops) and used the fingerprint transparency to etch the fingerprint into the copper.

From this he made a gelatine finger using the print on the PCB, using the same process as before. Again this fooled fingerprint detectors about 80 per cent of the time.

Fingerprint biometric devices, which attempt to identify people on the basis of their fingerprint, are touted as highly secure and almost impossible to fool but Matsumoto's work calls this comforting notion into question. The equipment he used is neither particularly hi-tech, nor expensive and if Matsumoto can pull off the trick what would corporate espionage boffins be capable of?

Matsumoto tried these attacks against eleven commercially available fingerprint biometric systems, and was able to reliably fool all of them.

Noted cryptographer Bruce Schneier, the founder and CTO of Counterpane Internet Security, described Matsumoto's work as more than impressive.

"The results are enough to scrap the systems completely, and to send the various fingerprint biometric companies packing," said Schneier in yesterday's edition of his Crypto-Gram newsletter, which first publicised the issue. ®

not like this is a new idea....how many stray arms and eyes have we used in rpgs to open doors...lots...and mission impossible...they were doing this thing in the 60's ...any good FP scanner should have a heat sensor as well (not that that's foolproof either) ...but that would defeat this type of thing....AND imho...any biometric device should always be used in conjunction with a pwd or pin...

I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson